Certified Identity and Access Management Designer

Here you have the best Salesforce Certified Identity and Access Management Designer practice exam questions

You have 60 total questions across 12 pages (5 per page)
These questions were last updated on February 13, 2026
This site is not affiliated with or endorsed by Salesforce.

Question 1 of 60

Universal Containers (UC) has decided to build a new, highly sensitive application on the Lightning platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application.
How can an Architect support fingerprints as a form of identification for Salesforce authentication?

Use Custom Login Flows with callouts to a third-party fingerprint scanning application.

Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.

Use Delegated Authentication with callouts to a third-party fingerprint scanning application.

Use an AppExchange product that does fingerprint scanning with native Salesforce Identity Confirmation.

Question 2 of 60

Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company web services be REST-ful and written in .Net.
Which two considerations should the UC Architect provide to the new CIO? (Choose two.)

Delegated Authentication will continue to work with REST services.

Delegated Authentication will continue to work with a .Net service.

Delegated Authentication will not work with REST services.

Delegated Authentication will not work with a .Net service.

Question 3 of 60

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when NOT connected to an internal company network?

Apply the “Two-factor Authentication for User Interface Logins” permission and Login IP Ranges for all Profiles.

Add the company's list of network IP addresses to the Login Range list under 2FA Setup.

Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.

Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.

Question 4 of 60

What is a role of an Identity Provider in a Single Sign-on setup using SAML?

Consume assertion

Revoke assertion

Validate assertion

Create assertion

Question 5 of 60

Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

Require the use of Salesforce security tokens on passwords.

Enforce mutual authentication between systems using SSL.

Set up a proxy service for the login service in the DMZ.

Include Client Id and Client Secret in the login header callout.

About the Salesforce Certified Identity and Access Management Designer Certification Exam

About the Exam

The Salesforce Certified Identity and Access Management Designer (Certified Identity and Access Management Designer) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 60 practice questions across 12 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our Certified Identity and Access Management Designer questions are regularly updated to reflect the latest exam objectives.